Security daily (22-07-2021)

No cyberattack in sprawling internet outage, Akamai says

A global internet outage on Thursday downed tens of thousands of websites, including those of giant corporations like McDonald’s and Delta Airlines, according to companies that track web statistics. But the company at the center of it says the downtime was not the result of a hack, data breach or other kind of malicious attack. Internet infrastructure company Akamai said it has fixed the issue that it began investigating shortly after noon EST. The specific problem was with Akamai Edge DNS, a service that touts its ability to provide constant Domain Name System availability. “Akamai can confirm this was not a cyberattack against Akamai’s platform,” the company said in a statement. “A software configuration update triggered a bug in the DNS system, the system that directs browsers to websites,” the company said in a statement explaining what went wrong. “This caused a disruption impacting availability of some customer websites.” Before […] (CyberScoop)

Kaseya obtains decryption key for victims of massive ransomware attack

Roughly three weeks after Russia-based ransomware group REvil attacked Kaseya, the Florida-based IT firm has obtained a working decryption key to unlock encrypted files belonging to hundreds of victims, a spokesperson confirmed to CyberScoop on Thursday. Dana Liedholm, the company’s senior vice president of marketing, declined to comment on the source of the key, other than to say it came from a “trusted third party.” She also declined to comment when asked if the company had paid to obtain the key, or on how long it would take to remediate all the clients that had been impacted by the attack. Security firm Emsisoft confirmed in a blog post that the decryptor works and it has been working with customers to restore their files. The news of the decryption tool was first reported by NBC’s Kevin Collier. Kaseya has estimated the number of affected companies at somewhere between 800 and 1,500. […] (CyberScoop)

S3 Ep42: Viruses, Nightmares, patches, rewards and scammers [Podcast]

Latest episode - listen now! (Naked Security)

NSO Will No Longer Talk To The Press About Damning Reports

(News ≈ Packet Storm)

Long-Awaited Bill Would Force Breach Victims To Contact CISA

(News ≈ Packet Storm)

740 Ransomware Victims Named On Data Leak Sites In Q2 2021

(News ≈ Packet Storm)

Saudi Aramco Denies Breach After Hackers Hawk Stolen Files

(News ≈ Packet Storm)

NPM Package Steals Passwords Via Chrome's Account Recovery Tool

(News ≈ Packet Storm)

Home And Office Routers Come Under Attack By China State Actors, France Warns

(News ≈ Packet Storm)

Researchers Hid Malware Inside An AI's Neurons And It Worked Scarily Well

(News ≈ Packet Storm)

APT Hackers Distributed Android Trojan via Syrian e-Government Portal

An advanced persistent threat (APT) actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims. "To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks," Trend Micro researchers Zhengyu (The Hacker News)

Reduce End-User Password Change Frustrations

Organizations today must give attention to their cybersecurity posture, including policies, procedures, and technical solutions for cybersecurity challenges.  This often results in a greater burden on the IT service desk staff as end-users encounter issues related to security software, policies, and password restrictions.  One of the most common areas where security may cause challenges for (The Hacker News)

Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws

Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without (The Hacker News)

Another Hacker Arrested for 2020 Twitter Hack and Massive Bitcoin Scam

A U.K. citizen has been arrested in the Spanish town of Estepona over his alleged involvement in the July 2020 hack of Twitter, resulting in the compromise of 130 high-profile accounts. Joseph O'Connor, 22, has been charged with intentionally accessing a computer without authorization and obtaining information from a protected computer, as well as for making extortive communications. The Spanish (The Hacker News)

Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers

A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. The package in question, named "nodejsnetserver" and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading to non-existent (The Hacker News)

FBI: Cybercriminals Eyeing Broadcast Disruption at Tokyo Olympics

Expected cyberattacks on Tokyo Olympics likely include attempts to hijack video feeds, the Feds warn. (Threatpost)

Phish Swims Past Email Security With Milanote Pages

The “Evernote for creatives” is anchoring a rapidly spiking phishing campaign, evading SEGs with ease. (Threatpost)

Critical Jira Flaw in Atlassian Could Lead to RCE

The software-engineering platform is urging users to patch the critical flaw ASAP. (Threatpost)

Industrial Networks Exposed Through Cloud-Based Operational Tech

Critical ICS vulnerabilities can be exploited through leading cloud-management platforms. (Threatpost)

Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day

Update now: The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware. (Threatpost)

Microsoft Issues Windows 10 Workaround Fix for ‘SeriousSAM’ Bug

A privilege elevation bug in Windows 10 opens all systems to attackers to access data and create new accounts on systems. (Threatpost)


/security-daily/ 23-07-2021 23:44:23